On October 16th, 2023, Cisco issued an advisory about an actively exploited vulnerability in the web UI feature of Cisco IOS XE Software when exposed to untrusted networks or the internet.
Designated as CVE-2023-20198, with a maximum severity CVSS score of 10.0, this vulnerability permits remote, unauthenticated attackers to create an account with privilege level 15 on an affected system. The attacker can then use this unauthorized account to seize control of the device. Internet-exposed devices should be assumed to be at high risk of compromise: in open-source analysis conducted by eSentire Threat Intelligence, implant strings were detected on just under 50% of a sample of 1000 exposed systems.
As of October 17th, 2023, Cisco has confirmed that no patch or workaround is available for this flaw, which makes applying the recommended mitigation as soon as possible paramount. Cisco strongly recommends that "customers disable the HTTP Server feature on all internet-facing systems. To disable the HTTP Server feature, use the 'no ip http server' or 'no ip http secure-server' command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature."
Cisco has also described indicators that a system may have been compromised, underscoring that exploitation in the wild is ongoing. In addition, eSentire TRU has identified exploitation in the wild dating back to at least October 12. Given the gravity of this exploit and the absence of any immediate patch, organizations must assess their exposure and take protective measures.
Cisco has identified ongoing active exploitation of a previously undisclosed vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE Software (CVE-2023-20198). The vulnerability affects physical and virtual devices running the Web UI software with the HTTP or HTTPS Server feature enabled. The Web UI is bundled with the default image, so no additional licenses or configuration are required for it to be available. Upon successful exploitation, the intruder can create an account with privilege level 15 on the compromised device, gaining full control of the device and a foothold for further unauthorized activity.
Cisco's advice to disable the HTTP server feature on Internet-accessible systems is not just a best practice; it also echoes guidance previously issued by the U.S. government on the risks of publicly accessible management interfaces.
Cisco discovered this vulnerability through a collaborative effort between its support centers and its security team, which identified unusual indicators in a tiny fraction of the high volume of cases handled daily.
As of publication on October 17th, no proof-of-concept code was publicly available for CVE-2023-20198. Given the severity of this vulnerability, adherence to the guidelines in Cisco's PSIRT advisory should be prioritized. Organizations that may be affected must promptly apply the mitigation steps and perform retroactive sweeps to verify that exploitation did not occur.
Indicators of Compromise:
Indicator | Type
205.185.123[.]17 | IP Address
162.33.177[.]204 | IP Address
5.149.249[.]74 | IP Address
154.53.56[.]231 | IP Address
cisco_tac_admin | Username
cisco_support | Username
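The two checks the advisory asks for, confirming the HTTP/HTTPS server mitigation is in place and sweeping retroactively for the listed indicators, can be scripted over exported device output. The following is an added example written for this page; it is not eSentire's or Cisco's tooling. It assumes you have saved `show running-config` text and a syslog export per device. The running-config and syslog lines embedded below are constructed samples that mimic IOS XE formatting (the `%SEC_LOGIN-5-WEBLOGIN_SUCCESS` and `%SYS-5-CONFIG_I` message names are real IOS message types, but these lines are made up), and the only indicators matched are the IP addresses and usernames in the table above. The `expected` allowlist of privilege-15 accounts is something the operator supplies.

```python
"""Mitigation check and retroactive IoC sweep for CVE-2023-20198 (added example)."""
import re
from typing import Dict, Iterable, List, Set, Tuple

# Indicators exactly as listed in the advisory; the IPs are defanged there,
# so they are refanged here before matching.
IOC_IPS: Set[str] = {
    ioc.replace("[.]", ".")
    for ioc in ("205.185.123[.]17", "162.33.177[.]204",
                "5.149.249[.]74", "154.53.56[.]231")
}
IOC_USERNAMES: Set[str] = {"cisco_tac_admin", "cisco_support"}

# Anchored at line start so the mitigated form "no ip http server" does not match.
_HTTP_RE = re.compile(r"^ip http server\s*$", re.M)
_HTTPS_RE = re.compile(r"^ip http secure-server\s*$", re.M)
# Local accounts with full privileges, e.g. "username foo privilege 15 secret ..."
_PRIV15_RE = re.compile(r"^username (\S+) privilege 15\b", re.M)
# IP match that refuses to fire inside a longer dotted number (e.g. 15.149.249.74).
_IOC_IP_RE = re.compile(
    r"(?<![\d.])(?:" + "|".join(re.escape(ip) for ip in sorted(IOC_IPS)) + r")(?![\d.])"
)
_IOC_USER_RE = re.compile(r"\b(?:" + "|".join(sorted(IOC_USERNAMES)) + r")\b")


def webui_exposure(running_config: str) -> Dict[str, bool]:
    """Report whether the HTTP and/or HTTPS server is still enabled.
    Per Cisco's guidance, both must be off for the mitigation to be complete."""
    http_on = bool(_HTTP_RE.search(running_config))
    https_on = bool(_HTTPS_RE.search(running_config))
    return {"http_server": http_on, "https_server": https_on,
            "mitigated": not (http_on or https_on)}


def unexpected_priv15_users(running_config: str, expected: Set[str]) -> List[str]:
    """Privilege-15 local usernames that are not in the operator's expected set.
    Indicator usernames are always reported, even if someone put them on the allowlist."""
    return [name for name in _PRIV15_RE.findall(running_config)
            if name in IOC_USERNAMES or name not in expected]


def sweep_logs(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """(line number, indicator type, indicator) for every advisory IoC seen in the log."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(lines, start=1):
        for ip in _IOC_IP_RE.findall(line):
            findings.append((lineno, "ip", ip))
        for user in _IOC_USER_RE.findall(line):
            findings.append((lineno, "username", user))
    return findings


def run_sweep(running_config: str, syslog: Iterable[str], expected: Set[str]) -> Dict[str, object]:
    """One report per device: exposure state, suspicious accounts, and log hits."""
    return {
        "exposure": webui_exposure(running_config),
        "unexpected_priv15_users": unexpected_priv15_users(running_config, expected),
        "log_hits": sweep_logs(syslog),
    }


# Constructed sample data (not real device output). Secrets are placeholders.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username netadmin privilege 15 secret 9 $9$PLACEHOLDER
username cisco_tac_admin privilege 15 secret 9 $9$PLACEHOLDER
ip http server
ip http secure-server
"""
MITIGATED_CONFIG = "hostname edge-rtr-01\nno ip http server\nno ip http secure-server\n"
SAMPLE_SYSLOG = [
    "Oct 12 2023 03:14:07: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: cisco_tac_admin] [Source: 5.149.249.74]",
    "Oct 12 2023 03:15:21: %SYS-5-CONFIG_I: Configured from console by netadmin on vty0 (10.0.0.5)",
    "Oct 13 2023 11:02:44: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: netadmin] [Source: 15.149.249.74]",
]

if __name__ == "__main__":
    report = run_sweep(SAMPLE_CONFIG, SAMPLE_SYSLOG, expected={"netadmin"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

A device is only clear when `mitigated` is true, `unexpected_priv15_users` is empty, and `log_hits` is empty; a hit on the `cisco_tac_admin` account or on one of the listed source IPs in a web login event should be escalated as a probable compromise rather than treated as a configuration finding, since the account creation is the post-exploitation step the advisory describes.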
[1] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
[2] Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
[3] CVE-2023-20198: Zero-Day Vulnerability in Cisco IOS XE Exploited in the Wild
[4] Shodan Search
[5] https://www.cisa.gov/news-events/news/website-security
[6] https://vulncheck.com/blog/cisco-implants